First Citizens Bank uses Covelight Percept to Counter Insider Threats

May 23, 2005

The Percept firewall system helps the bank better monitor activity by authorized users, and issues alerts when someone is trying to access sensitive information such as Social Security numbers.
By Martin J. Garvey
InformationWeek

Most businesses install firewalls to keep the bad guys from penetrating their computer networks and systems and causing damage. But few companies take aggressive action to closely monitor and manage the activities of the users already on the network. Yet, security experts say the threat from "insiders" is just as serious as the threat coming from outside the company. First Citizens Bank wanted a better handle on the activities of authorized users and installed the Percept firewall system from Covelight Systems Inc. Most firewalls just block malicious software and issue reports or logs on the activity. "When something happened, they didn't let us know right away," says Chip Wentz, senior VP of information security at the bank. "Reading logs, we had to dedicate a couple of people, then parse out the log, and run queries to do the correlation."

Wentz wanted to know more about what was going on with the applications on the network in real time, rather than just reading logs about what already had happened. The Percept firewall can track the activity of every authenticated user, capture in real time all logins and logouts, and monitor every click on a Web site. "Now we're able to mitigate risk up front, and we have in-depth visibility into what users are doing with each app," he says.

A new version of Percept is being released on Monday, and Wentz says it should let him more closely monitor activity on the network and do a better job of correlating events with threat levels. The system also will generate reports on users requesting sensitive data such as Social Security numbers. Covelight says policy-compliance reports, combined with real-time incident detection and notification, will alert appropriate security administrators to violations of company policies and other suspicious activity.